AFCEA Technet 2007 The need for security Georges D’hollander Maj Gen, BELAR Director, NHQ C3 Staff, and also Vice-Chairman NC3 Board AFCEA Technet Europe Helsinki, 18 October 2007 Thank you, Mr Chairman. As we are limited in time, I will focus on two topics that are of high importance to NATO at the moment. By the way, both topics will be on the agenda of the upcoming Informal Defence Ministerial in Noordwijk, the Netherlands, next week. (next) “To drive the provision of enhanced Alliance C3 capabilities in support of the common values of NATO”

Securing Information Information Let me to introduce these topics. Secure information is nothing new, we have been doing it for centuries. What is new however and what has dramatically changed for NATO since the Cold War era, is that we now live in an information technology age. This affects military personnel both as individuals - because we already use IT in our private lives – but also as commanders because we have to command and control more sensors, a wider variety of weapon systems, we have more dispersed troops, etc. and therefore more co-ordination is needed and we deal with bigger information flows. This means that we have to transform. Let’s see how Information Assurance fits into NATO’s transformation. [click] The enemy, who is unknown, fights an asymmetric war, has the same access to public information as we do and amply exploits the communication strategy (for example the Taliban in Afghanistan). Old-fashioned fortresses no longer protect hidden treasures. Also, our society has changed and needs more information. For example : with banking, every one can transfer money without going to the bank; administrations are now proposing modern public services via the Internet, etc. Some nations are deeply engaged in the digitisation of the real life of their citizens. A good example is Estonia. But because we use more open capabilities such as the internet, we become more vulnerable. This brings me to the 2nd part of my presentation on cyber defence. [next]

INFORMATION SUPERIORITY NETWORK ENABLED CAPABILITY Interconnectivity How to Transform Effects-based Approach to Operations Transformation Objective Area Capabilities Collect DATA / INFO (INTEL) INFORMATION ASSURANCE Management Information Management EFFECTIVE ENGAGEMENT EFFECTIVE ENGAGEMENT Let us start with transformation. On the slide you see the battlefield of today. It is very complex. The business of NATO and especially the business of the Commander is to achieve the best Decision Making process to effectively conduct an Effects-Based Approach to Operations. Therefore, we have to fuse, analyze and disseminate large amounts of data. [click] The ultimate aim is of transformation is effective engagement. In order to reach this objective, we need to be securely interconnected. That’s the aim of NATO Network Enabled Capability (NNEC). If we want to implement NNEC, we need policies and procedures, architecture and networks, systems, standards and spectrum. The latter is fast becoming a scarce resource. Interoperability and interconnectivity have become key words. Being networked, we achieve Information and knowledge superiority. With this, we decide better and faster, to obtain Decision Superiority. Finally, we achieve effects superiority. On the technical side, NNEC is supported by a Networking Information Infrastructure (NII). The power of this puzzle relies on the coherent management of many different components and as you can see on the screen, Information Assurance is one of them. [next] Collect DATA / INFO (INTEL) Spectrum Management DECISION SUPERIORITY INTEL INFORMATION SUPERIORITY Fuse DATA / INFO Spectrum Analyse DATA / INFO NETWORK ENABLED CAPABILITY Standards Interconnectivity Disseminate DATA / INFO Hardware / Systems Interoperability Architecture / Networks Policies & Procedures Infrastructure / Architecture Management

INFOSEC / Information Assurance Here you see the functional view of NNEC with its 6 layers (4 horizontal and 2 vertical). The vertical ones apply to all horizontal layers. The 2 lower layers constitute the NII that I just mentioned. Let us now focus on Information Assurance. The definition of INFOSEC is based on the concept of CIA (confidentiality, integrity, availability) and is still valid and used. Whereas INFOSEC seems to be a limiting term, the new term Information Assurance (IA) is seen as a much broader term, a NNEC enabling factor, and it has additional aspects such as authentication and non-repudiation, as well as protection, detection, reaction and restoration. This term is in the process of being adopted within NATO. [click] In order to create a secure and flexible NII, the communications core has to be expanded and must provide the appropriate security services. The Protected core network concept should be able to guarantee quality of service at a level currently not yet achieved by commercial best-effort initiatives. This will require immediate handling of unauthorised traffic inserted into the network. And that means that the network should provide end-to-end services that ensure e.g. the proper Quality of Service. In the long term, solutions will support timely and secure bi-directional information exchange between trusted and less trusted domains, including public networks. Access control at domain boundaries will be based on object meta-data, user roles and an adaptive security policy. Complex data formats, including executable code, can be exchanged. Supporting the concept of an expanding core, solutions can reside in end-systems or in dedicated gateways. The solutions will have a high assurance of secure operation. Of course, secure flexible transport services and secure dynamic information sharing will need to be managed. The security management and cyber defence is to achieve a cyber C2 capability where all the mechanisms and devices can be managed as well as defended. [next] Information Assurance Users & Missions Service Management & Control Funct Serv TOAs Secure and Dynamic Information Sharing Community of Interest Security Management & Cyber-defence COP SI Information Integration CES XML Registry N I Secure and Flexible Transport Services Networking & Information Infrastructure (NII) Communications waveforms SDR IP, SCIP

Some Ways to Acquire Information… Cyber threats Some Ways to Acquire Information… Let me now come to my second topic, namely cyber defence. NATO takes the issue of cyber security very seriously. Recent incidents have raised the profile of this topic in NATO. We defend against cyber attacks that are specifically targeted at NATO, such as viruses and other malicious software, but also denial of services attacks, originated from botnets (sets of zombies computers) established or rented by attackers. Just like many other organizations with public exposure, NATO experiences frequent attempts to break into its public-facing computer networks. And we see this on a regular basis. Risks to cyber space and computer networks are increasing with the increased complexity and interconnections of computer networks. [next] One Way to Attack a Target… …Another Way

NATO’s Cyber Defence initiative FOC The aim for NATO’s Cyber Defence initiative is to implement a NATO-wide Cyber Defence capability able to prevent, detect, respond and recover from cyber attacks against the information systems of critical importance to the Alliance in a cyber defence scenario requiring readiness, effectiveness and short decision-making processes. [click] The NATO Communication and Information Systems Services Agency (NCSA) is NATO’s first line of operational defence against cyber attacks. NCSA operates both the NATO Information Security Operations Centre and the NATO Computer Incident Response Capability Technical Centre, providing an integrated and highly synergistic cyber defence organisation. These centres will operate 24 hours a day, seven days a week all year round. The NATO Computer Incident Response Capability Technical Centre provides NATO with a range of highly specialised computer services, including incident detection, response and recovery that help ensure the security of NATO communication and information systems.  These services are delivered across the whole of the NATO CIS landscape, encompassing both operational and static locations. The way ahead includes an enhanced and more powerful capability originated from the recommendations of the Interim Operational Capability phase of NCIRC, lessons learned from the Estonian cyber attacks AND decisions from high level committees and authorities such as the recommendations included in the EWG report to the NAC, the recommendations of NHQC3S to the NC3B and the NAC harmonizing NCSA, EWG and IMS sets of recommendations and finally the consideration of CD as a strategic issue for the Director IMS. [next] NCIRC Bodies nation nation nation operations

AFCEA Technet 2007 The need for security Any question ? AFCEA Technet 2007 The need for security Georges D’hollander Maj Gen, BEAR Director, NHQ C3 Staff, and also Vice-Chairman NC3 Board AFCEA Location, Date 2007 Ladies and gentlemen, this concludes my presentation and I stand ready to take questions when the time is appropriate. “To drive the provision of enhanced Alliance C3 capabilities in support of the common values of NATO”